“We’re From the Government and We’re Here to Help You”
Privacy Initiatives at the U.S. Department of Education
January 25, 2012
EDUCAUSE Webinar
Kathleen M. Styles, Chief Privacy Officer
Michael B. Hawes, Statistical Privacy Advisor

Presentation Overview
• Overview of changes to FERPA regulations
• Privacy initiatives at ED
• Priorities for 2012
• Interactive polls throughout

POLL #1
We’re presuming most of you are in the postsecondary community. Which part of the postsecondary community do you work in specifically?
A. IT
B. Registrar/Administration/Admissions
C. Faculty
D. Other postsecondary role
E. Your assumption is wrong! I’m not part of the postsecondary community

Background: Student Privacy
• FERPA enacted 1974
• Move to electronic records
• State longitudinal databases
• 2009 Fordham report
• New risks and vulnerabilities

Breaches by Educational Institutions
All varieties: hacking, loss of portable device, unintentional, insider breach, etc.

Year    Number of Breaches    Number of Records
2005    64                    1,886,841
2006    103                   2,019,119
2007    107                   791,938
2008    103                   1,107,001
2009    71                    1,062,275
2010    73                    1,575,698
2011    57                    394,008

Source: Privacy Rights Clearinghouse

Our Favorite FERPA Quote
Received in an email:
“You know how sometimes FERPA can tie your brain in a knot trying to think through it all?”

Poll #2
Question: Which answer best characterizes your prior experience with FERPA?
A. I’m a pro! I work with the statute and regs all the time
B. I work with FERPA, but find it confusing
C. I know what FERPA is, but don’t work with it often
D. FERPA? What’s FERPA?

FERPA & Postsecondary Ed
• FERPA Basics
• Health and safety emergencies
• Intersection with state and local laws

Early 2011 – ED Privacy Initiatives Begin
• FERPA Notice of Proposed Rulemaking
• Best Practices -- NCES Technical Briefs
• Privacy Technical Assistance Center (PTAC)
• Chief Privacy Officer

Late 2011: Building on Progress
• Regulatory changes
• PTAC best practice documents
• Privacy Advisory Committee
• Soliciting input

FERPA Regulatory Changes
• 274 comments received
• Final FERPA regulatory changes
– December 2, 2011 Federal Register
– Effective January 3, 2012
• The new regulations serve to:
– Strengthen enforcement
– Help ensure student privacy
– Improve program effectiveness

New Definitions for Audits and Evaluations
• Authorized Representative
– Any entity or individual designated by a State or local educational authority or an agency headed by an official… to conduct—with respect to Federal- or State-supported education programs—any audit or evaluation, or any compliance or enforcement activity in connection with Federal legal requirements that relate to these programs (FERPA regulations, § 99.3).
• Education Program
– Any program principally engaged in the provision of education, including, but not limited to, early childhood education, elementary and secondary education, postsecondary education, special education, job training, career and technical education, and adult education, and any program that is administered by an educational agency or institution (FERPA regulations, § 99.3).

FERPA Regulatory Changes – Audit and Evaluation
• Authorized Representative
• Written Agreements
• Reasonable Methods
• “Guidance on Reasonable Methods and Written Agreements”

FERPA Regulatory Changes – Studies Exception
• State educational authorities acting on behalf of their constituent schools
• Requirement for written agreements

POLL – Directory Information
Does your institution currently have a directory information policy?
A. Yes, we have a directory information policy
B. Sort of. We have a policy, but it could use improvement
C. No, we don’t have a directory information policy
D. Directory information? What’s that?

FERPA Regulatory Changes – Directory Information
• ID badges
• Limited directory information

POLL – FERPA and Directory Information
In light of the recent FERPA reg changes, do you think your institution will change its directory information policy?
A. Yes
B. Maybe
C. No
D. We don’t have a policy

FERPA Regulatory Changes – Enforcement
• Enforcement against entities without students
• 5-year ban

Priorities for 2012
• Guidance and Best Practices
• Inter-Agency Collaboration
• Publishing Data While Protecting PII

Guidance!
PTAC Initiatives
– Move to CPO Office
– Expansion to LEAs
– Coordination with FPCO
– Site visits and regional meetings
– Helping organizations come into compliance
Guidance Documents and Training Resources
Case studies

Best Practices and Guidance Resources
• Guidance on Reasonable Methods and Written Agreements
• Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
• Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
• Responding to IT Security Audits: Improving Data Security Practices
• Data Security: Top Threats to Data Protection
• Data Security Checklist
• Data Governance and Stewardship
• Data Governance Checklist
• Data Security and Management Training: Best Practice Considerations

Inter-Agency Collaboration
• Agriculture: Free and reduced price lunch data
• Federal Trade Commission: Child ID theft
• Health and Human Services: Early Childhood programs
• Department of Justice: Patriot Act amendments to FERPA

Data Release Policy
• Utility vs. privacy in data tables
• Disclosure avoidance in an information-rich world
• A need for more uniformity and rigor
• Strong public interest
• Data Release Working Group

Unsettled Questions
• Cloud Computing
• Video Recordings
• Email

Privacy AND Transparency
• Culture of confidentiality
• Maintaining transparency

Have Questions?

Family Policy Compliance Office
Telephone: (202) 260-3887
Email: FERPA@ed.gov
FAX: (202) 260-9001
Website: www.ed.gov/fpco

Privacy Technical Assistance Center
Telephone: (855) 249-3072
Email: privacyTA@ed.gov
FAX: (855) 249-3073
Website: www.ed.gov/ptac

Contact Information

Kathleen Styles
Chief Privacy Officer
U.S. Department of Education
Kathleen.Styles@ed.gov
(202) 453-5587

Michael Hawes
Statistical Privacy Advisor
U.S. Department of Education
Michael.Hawes@ed.gov
(202) 453-7017

Poll - Feedback
Question: How helpful did you find today’s webinar?
A. Very helpful!
B. Somewhat helpful.
C. Not at all helpful.